Package WAPT tis-keycloak-server 26.0.2-9 debian(>=11),ubuntu(>=18)

tis-keycloak-server

26.0.2-9

Keycloak is an open-source software package that enables a single authentication method to be introduced through identity and access management.

3380 downloads

Download
See build result See VirusTotal scan

Description

package : tis-keycloak-server
name : Keycloak Server
version : 26.0.2-9
categories : Security, System and network
maintainer : Kevin Guerineau,WAPT Team,Tranquil IT
installed_size :
editor : JBoss Red Hat
licence : Apache 2.0
signature_date : 2024-10-29T09:06:42.000000
size : 146.81 Mo
locale : all
target_os : debian(>=11),ubuntu(>=18)
impacted_process : java
architecture : x64
Homepage : https://www.keycloak.org/

control


package           : tis-keycloak-server
version           : 26.0.2-9
architecture      : x64
section           : base
priority          : optional
name              : Keycloak Server
categories        : Security, System and network
maintainer        : Kevin Guerineau,WAPT Team,Tranquil IT
description       : Keycloak is an open-source software package that enables a single authentication method to be introduced through identity and access management.
depends           : 
conflicts         : 
maturity          : PROD
locale            : all
target_os         : debian(>=11),ubuntu(>=18)
min_wapt_version  : 2.2
sources           : 
installed_size    : 
impacted_process  : java
description_fr    : Keycloak est un logiciel à code source ouvert permettant d'instaurer une méthode d'authentification unique à travers la gestion par identité et par accès.
description_pl    : Keycloak to pakiet oprogramowania typu open-source, który umożliwia wprowadzenie pojedynczej metody uwierzytelniania poprzez zarządzanie tożsamością i dostępem.
description_de    : Keycloak ist eine quelloffene Software, mit der Sie eine Single-Sign-On-Methode durch Identitäts- und Zugriffsverwaltung einführen können.
description_es    : Keycloak es un paquete de software de código abierto que permite introducir un único método de autenticación mediante la gestión de identidades y accesos.
description_pt    : O Keycloak é um pacote de software de código aberto que permite a introdução de um único método de autenticação através da gestão da identidade e do acesso.
description_it    : Keycloak è un pacchetto software open-source che consente di introdurre un unico metodo di autenticazione attraverso la gestione delle identità e degli accessi.
description_nl    : Keycloak is een open-source softwarepakket waarmee één authenticatiemethode kan worden ingevoerd via identiteits- en toegangsbeheer.
description_ru    : Keycloak - это пакет программного обеспечения с открытым исходным кодом, который позволяет внедрить единый метод аутентификации в рамках управления идентификацией и доступом.
audit_schedule    : 
editor            : JBoss Red Hat
keywords          : 
licence           : Apache 2.0
homepage          : https://www.keycloak.org/
package_uuid      : f0f204b4-b0a8-4566-bbfc-bc5487f94e5e
valid_from        : 
valid_until       : 
forced_install_on : 
changelog         : 
min_os_version    : 
max_os_version    : 
icon_sha256sum    : f844ec0989ea764ddcbb17e3e0ea7c15aa95e53d6e47d1c4950a1742a15707f5
signer            : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date    : 2024-10-29T09:06:42.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature         : Ki9iwEJhQnwTfS5kbjmJY3MyLk+pgxSDpdIpchDSWwws1O1caXt+20eMuHvcsV/CRIroxWMRv5FQ1Yvaz7vkKfPjdk0CWyrkXiqo7+NBE19OYQI8MD4DMl4EqAEHAxvjoCKDbQkm1dUFnxJed+NpdjnnlBonPLlefVo+f+UuWzmUWiFOGCNcykqQGFMPSP9b3SzjF4kZA/ZYodSoLrU7x+CWJbt2lMQ/D3dtklAuA/o1BKdV0TB0Nxkg8/Nt8T9CUihpiulVzLu1wiRljwMdj20oWppyJbsS+PTQsD/VeH9oFcBJRI6+2s+UZMOOtAXk8O80I9EsnBmBU4AQnqNCPw==

Setup.py


# -*- coding: utf-8 -*-
from setuphelpers import *
import string
import random
import jinja2

from waptcrypto import SSLCertificate, SSLPrivateKey

kc_url = 'https://keycloak.mydomain.lan' # Values : URL String
kc_health = 'true' # Values (str) : true / false
kc_metrics = 'false' # Values (str) : true / false
use_apache2 = True # Values : True / False

generate_ssl_cert = True # Values : True / False. Use False if you use commercial, Let's Encrypt or your PKI certificate.
# In this case, please configure "ssl_certificate_path" and "ssl_key_path".
ssl_certificate_path = None # Set None if generate_ssl_cert = True
ssl_key_path = None # Set None if generate_ssl_cert = True

keycloak_installdir = makepath('/opt','keycloak')
keycloak_installdir_bck = makepath('/opt','keycloak.bck')
keytabfile_path = makepath(keycloak_installdir,'conf','http-krb5.keytab')
keytabfile_path_bck = makepath(keycloak_installdir_bck,'conf','http-krb5.keytab')
keycloak_a2site = makepath('/etc','apache2','sites-available','keycloak.conf')


def systemd_enable_start_service(servicename):
    return run('LANG=C systemctl enable --now %s' % (servicename))


def install():

    print('If upgrade, stop keycloak service')
    try:
        systemd_stop_service('keycloak.service')
        first_install = False
    except:
        print("It's the first install")
        first_install = True

    print('Install requirements')
    install_apt('openjdk-17-jdk')
    install_apt('postgresql')

    if not first_install:
        if isdir(keycloak_installdir_bck):
            print('Remove old backup dir')
            remove_tree(keycloak_installdir_bck)

        print('Create backup of old installation.')
        copytree2(keycloak_installdir,keycloak_installdir_bck)
        remove_tree(keycloak_installdir)

    mkdirs(keycloak_installdir)

    print('Extract archive')
    version = control.version.split('-')[0]
    run(f'tar xzf keycloak-{version}.tar.gz -C {keycloak_installdir}')
    # Patch to use keycloak folder without version number in directory name.
    copytree2(makepath(keycloak_installdir,f'keycloak-{version}'),keycloak_installdir)
    remove_tree(makepath(keycloak_installdir,f'keycloak-{version}'))

    if first_install:
        print('Create group and user')
        run('groupadd -r keycloak')
        run(f'useradd -r -g keycloak -d {keycloak_installdir} -s /sbin/nologin keycloak')

        print('Create Postgresql user and database')
        run('sudo -u postgres psql -c "create database keycloak with encoding \'UTF8\';" ')

        database_password = ''.join(random.choices(string.ascii_uppercase + string.digits, k = 15))
        run(f""" sudo -u postgres psql -c "create user keycloak with password '{database_password}';" """)

        run(f""" sudo -u postgres psql -c "grant all ON database keycloak to keycloak;" """)
        run(f""" sudo -u postgres psql -d keycloak -c "grant all on schema public to keycloak ;" """)

        print('Create service')
        service = f"""[Unit]
Description=Keycloak Service
After=network.target syslog.target postgresql.target

[Service]
User=keycloak
Group=keycloak
ExecStart={keycloak_installdir}/bin/kc.sh start
SuccessExitStatus=0 143
WorkingDirectory={keycloak_installdir}

[Install]
WantedBy=multi-user.target

"""
        with open('/lib/systemd/system/keycloak.service','w') as service_file:
            service_file.write(service)

        run('systemctl daemon-reload')

    print('Set user rights')
    run(f'chown -R keycloak:keycloak {keycloak_installdir}')

    if first_install:
        if use_apache2:
            print('Install Apache2')
            install_apt('apache2')

            print('Enable Apache2 modules')
            run('a2enmod ssl headers proxy proxy_http')

            jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('templates'))
            template = jinja_env.get_template('apache2.conf.j2')

            if generate_ssl_cert:
                print('Generate SSL key and certificate')
                ap_ssl_dir = makepath('/etc','ssl')
                mkdirs(ap_ssl_dir)
                key_fn = os.path.join(ap_ssl_dir,'private','keycloak_key.pem')
                key = SSLPrivateKey(key_fn)
                if not os.path.isfile(key_fn):
                    print('Create SSL RSA Key %s' % key_fn)
                    key.create()
                    key.save_as_pem()

                cert_fn = os.path.join(ap_ssl_dir,'certs','keycloak_cert.pem')
                if os.path.isfile(cert_fn):
                    crt = SSLCertificate(cert_fn)
                    if os.path.isfile(cert_fn):
                        crt = SSLCertificate(cert_fn)
                        if crt.cn != get_fqdn():
                            os.rename(cert_fn,"%s-%s.old" % (cert_fn,'{:%Y%m%d-%Hh%Mm%Ss}'.format(datetime.datetime.now())))
                            crt = key.build_sign_certificate(cn=get_fqdn(),is_code_signing=False)
                            print('Create X509 cert %s' % cert_fn)
                            crt.save_as_pem(cert_fn)
                else:
                    crt = key.build_sign_certificate(cn=get_fqdn(),is_code_signing=False)
                    print('Create X509 cert %s' % cert_fn)
                    crt.save_as_pem(cert_fn)

                template_variables = {
                    'kc_url': kc_url.replace('https://','').replace('http://',''),
                    'ssl_certificate_path': cert_fn.replace('\\','/'),
                    'ssl_key_path': key_fn.replace('\\','/')
                }
            else:
                template_variables = {
                    'kc_url': kc_url.replace('https://','').replace('http://',''),
                    'ssl_certificate_path': ssl_certificate_path,
                    'ssl_key_path': ssl_key_path
                }

            print('Write Apache2 site configfile')
            config_string = template.render(template_variables)
            print(f'Create Apache2 configuration file {keycloak_a2site}')
            with open(keycloak_a2site, 'w') as dst_file:
                dst_file.write(config_string)

            print('Enable keycloak site and disable default site')
            run('a2ensite keycloak.conf')
            run_notfatal('a2dissite 000-default.conf')

            print('Restart apache2 service')
            systemd_restart_service('apache2')


        jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('templates'))
        template = jinja_env.get_template('keycloak.conf.j2')

        template_variables = {
            'use_apache2': use_apache2,
            'pgsql_passwd': database_password,
            'kc_health': kc_health,
            'kc_metrics': kc_metrics,
            'kc_url': kc_url.replace('https://','').replace('http://',''),
        }

        print('Write Keycloak configuration')
        config_string = template.render(template_variables)
        print('Create Keycloak configuration file %s' % makepath(keycloak_installdir,'conf/keycloak.conf'))
        with open(makepath(keycloak_installdir,'conf/keycloak.conf'), 'w') as dst_file:
                dst_file.write(config_string)

        print('Start Keycloak Server to create first admin user. Please wait 120 seconds.')
        run_notfatal('export KEYCLOAK_ADMIN=admin && export KEYCLOAK_ADMIN_PASSWORD=admin && /opt/keycloak/bin/kc.sh start', timeout=120)

    if not first_install:
        print('Copy old configfile')
        filecopyto(makepath(keycloak_installdir_bck,'conf/keycloak.conf'), makepath(keycloak_installdir,'conf','keycloak.conf'))
        if isfile(keytabfile_path_bck):
            filecopyto(keytabfile_path_bck,keytabfile_path)

    print('Build Keycloak for production')
    run("/opt/keycloak/bin/kc.sh build")

    print('Set user rights')
    run(f'chown -R keycloak:keycloak {keycloak_installdir}')
    if isdir('/var/log/keycloak'):
        run(f'chown -R keycloak:keycloak /var/log/keycloak')

    print('Start Keycloak service')
    systemd_enable_start_service('keycloak')


def uninstall():

    print('Stop keycloak service')
    systemd_stop_service('keycloak')

    print('Delete Postgresql user and database')
    run('sudo -u postgres psql -c "drop database keycloak;" ')
    run('sudo -u postgres psql -c "drop user if exists keycloak;" ')

    print('Remove keycloak directory')
    remove_tree(keycloak_installdir)

    print('Disable apache configuration')
    run('a2dissite keycloak.conf')

    print('Restart apache2 service')
    systemd_restart_service('apache2')

    print('Uninstall done, but not for postgresql and openjdk-17-jdk')

update_package.py


# -*- coding: utf-8 -*-
from setuphelpers import *
import platform
import json

# Declaring specific app values (TO CHANGE)
package_name = "keycloak-server"


def update_package():
    print("Download/Update package content from upstream binary sources")

    # Getting proxy informations from WAPT settings
    proxy = {}
    if platform.system() == "Windows" and isfile(makepath(user_local_appdata(), "waptconsole", "waptconsole.ini")):
        proxywapt = inifile_readstring(makepath(user_local_appdata(), "waptconsole", "waptconsole.ini"), "global", "http_proxy")
        if proxywapt:
            proxy = {"http": proxywapt, "https": proxywapt}

    # Specific app values
    app_name = control.name
    git_repo = "keycloak/keycloak"
    url_api = "https://api.github.com/repos/%s/releases/latest" % git_repo

    # Getting latest informations from Github API
    json_load = json.loads(wgets(url_api, proxies=proxy))

    for asset in json_load['assets']:
        if '.tar.gz' in asset['name']:
            url_dl = asset['browser_download_url']
            break

    version = json_load["tag_name"]

    latest_bin = f"keycloak-{version}.tar.gz"

    print("Latest " + app_name + " version is: " + version)
    print("Download url for APT-based systems is: " + url_dl)

    # Downloading latest binaries
    if not isfile(latest_bin):
        print("Downloading: " + latest_bin)
        wget(url_dl, latest_bin, proxies=proxy)

        # Changing version of the package
        control.version = "%s-%s" % (version, int(control.version.split("-", 1)[1]) + 1)
        control.save_control_to_wapt()
        print("Changing version to " + control.version + " in WAPT\\control")
    else:
        print("This package is already up-to-date")

    # Deleting outdated binaries
    for bin_in_dir in glob.glob("*.deb"):
        if bin_in_dir != latest_bin_deb:
            print("Outdated binary: " + bin_in_dir + " Deleted")
            remove_file(bin_in_dir)

manifest.sha256


                                
38d056ab130f7bf7c481c12636a4e9959de36561d3dfcbe54c6e3571bc0c1dc3 : WAPT/certificate.crt 
6c0a485fea7b760d8fd3018288c6832b5981065101022c4af553356ea646a988 : WAPT/control 
f844ec0989ea764ddcbb17e3e0ea7c15aa95e53d6e47d1c4950a1742a15707f5 : WAPT/icon.png 
1df8d4eb433a12193213446693e102740a612984879ac127c9eed87c5ac671a8 : keycloak-26.0.2.tar.gz 
af3a035ebfc9ccdff5b8dbb3fd6b31682a728268e5aa6b00a6a24ef5798f600f : luti.json 
5c499dbb30b08d808eb3daa0b6ea27034e6a5a8917410262bb06b5a598d16ef2 : setup.py 
2e0a83ecaeea7eddbae90b147e96c1fc8c090a1fa2470bdb1379aa2acdae70ac : templates/apache2.conf.j2 
bac03e0a77c84f2bc3bc0508fed35776d9f11eb24d74c308de9b4417f92c7b02 : templates/keycloak.conf.j2 
ac22e1de3141fa7d3c6084c95e702af4dcc684448335a242a9240c26b1763e8e : update_package.py

Choose languages

Choose architecture

Choose OS

Choose Categorie

Filter on package licensing

tis-keycloak-server

Description

control

Setup.py

update_package.py